Cатсн²² (in)sесuяitу / ChrisJohnRiley

Because we're damned if we do, and we're damned if we don't!

Tag Archives: SecZone

SecZone 2011: SAP (in)security Slides

As I said in my previous blogpost, SecZone was a great experience. I took the feedback I got from my Hashdays talk on the same subject and improved on some of the aspects of my talk. Although the changes are minor and no new research content was added, I’ve uploaded the slides to slideshare for those interested.

Thanks to the #DirtySec crew for the feedback! Always room for improvement!

SAP (in)security: Scrubbing SAP clean with SOAP

As usual if you have any feedback or questions… please get in touch!

SecZone: Just the facts!

It’s been a week now since I flew back from Colombia. I’ve been trying to get my thoughts in order to describe what Colombia meant to me personally, and what I think the conference meant to the people in Colombia. There’s been a lot of hype about this being the first international InfoSec conference in Colombia, and a lot of emphasis on the “experts” being flown in for the event. Putting aside my dislike of the word “experts” I feel proud to have been part of the first ever SecZone… and I’m only now coming to terms with everything.

I was sceptical on many levels when I boarded the plane to fly out. I was worried about possible security issues (no, I’m not talking buffer overflows here), and I was worried that the hype might not match with the reality at all. What I found once we arrived though was friendly faces, helpful people and a conference that, even if not the largest in the world, certainly had a special feeling and a real uniqueness to it all! It was unlike any security conference I’ve attended, and certainly a memory I’ll have with me for years to come.

It’s hard to tie down specifics, and taking a week’s worth of experiences and putting them into a single blogpost would never do it justice. There’s just no way to describe things…

How do you describe David Marcus convincing the army bomb disposal representative to demonstrate the bomb disposal robot? Yes, Dave got it to press enter on his keyboard. Pity he couldn’t get it on stage to automate his slides 😉

How do you describe the whirlwind drive through the Colombian mountains culminating at a child’s petting zoo in the middle of nowhere? (Those who were there will know why this was worthy of a mention ;)

How do you describe the hilarity of Chris Nickerson’s and Ian Amit’s “Red Team Testing” class being live translated by a group of Colombian school girls (for the benefit of the non-English speakers who attended)?

These are just things you need to live through… what better way to end the #DirtySec 2011 tour!

Videos of the event are in the process of being edited and should be released with English/Spanish. As this is only my 2nd “big” conference talk I’m looking forward to seeing how bad my presentation really was. There’s always room for improvement!

Some Stats from SecZone 2011:

Attendees: 454 people (Colombia, UK, USA, Venezuela, Brazil, Argentina, and Mexico)

Live Video: 2403 people (Colombia, USA, Canada, UK, Chile, Ecuador, Spain, Peru, Switzerland, Germany, Belgium, Venezuela, Estonia, Argentina, Greece, Guatemala, France, Mexico, South Africa, Romania, Panama, Hungary, Portugal, Ireland, India, Brazil, Egypt)

Training attendees: 92 people (4 training classes)

SecZone 2012?

Planning for next year is already underway… bigger… better… and Cali knows what to expect next year.

Looks like #DirtySec 2012 tour will include SecZone for a while to come!

Getting all SOAPy in Cali…

It’s not often that you get the chance to visit a country like Colombia… and even rarer that you get the chance to be part of something big like the birth of a conference. So, when I got the call that a new conference was starting up in Cali, Colombia I jumped at the chance to be a part of something special.

Over the past few months SecurityZone has gone from this far off dream, into a solid reality… What started off as a vision has really taken shape, and it’s better than even we could have hoped for! Plans are in place, tickets are booked and the list of amazing speakers and trainers just keeps getting better and better.

I knew I’d be proud to be part of SecurityZone, but now I realise that I’m lucky to be counted amongst the big name presenters flying out. I just hope my small contribution to the conference can match up to what I know will be amazing content from people like Ian Amit, Chris Nickerson, Wim Remes, Stefan Friedl, Dave Kennedy and a whole handful more!

As if that wasn’t already enough, SecurityZone is a great chance to see a part of the world that I might never see otherwise, and I intend to make the most of that chance… I hope you do too.

Hope to see you there!

Oh yeah, on a side note… Ian Amit and Chris Nickerson are running what can only be described as a once in a lifetime chance as they run a red-team testing workshop. I’d love to be a fly on the wall in that one 😉 <hint hint>